It wasn't in the OP, but I wanted tools to observe the behavior of an executable. I wasn't very clear on that, sorry.

Short of reverse engineering the file, I was looking for ways to see what parts of the OS were touched so I would know how to clean up.

In my case, I wouldn't be analyzing the entire system, only a binary provided to me. So you folks may be debating about different situations (comprimised system, single file)